Bill H Posted April 6, 2011 Report Share Posted April 6, 2011 I have the following setting in the Access area 0.0.0.0/0 Allow I thought this was the correct setting to block the dreaded "Scanner" / "Flooder" but it does not seem to work. Is there something else that I should do? Windows with Version 3.4.0.3198 (Win32) Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted April 6, 2011 Report Share Posted April 6, 2011 Oh no, this says "everyone is allowed". The rule goes like this: Ifyou allow an address or subnet, well then this one is allowed to access the PBX, even with floods of requests. If you disable an address, the PBX will not look at traffic from that address, even if the request looks nice and friendly. If the address is neither allowed nor disabled, then we are in "automatic" mode, which means nice requests are allowed, and floodings are stopped after a handful of invalid requests. Quote Link to comment Share on other sites More sharing options...
Bill H Posted April 6, 2011 Author Report Share Posted April 6, 2011 OK Then if I understand you correctly, does the "Automatic" mode require any input from me? That is, do I need to enter anything to activate the "Automatic" mode or is it activated by default? I believe that is how I had it set (blank) in the past and it did not stop unwanted packets. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted April 6, 2011 Report Share Posted April 6, 2011 Yes "automatic" does not need intervention, sometimes a little adjustments of the parameters when the PBX thinks that someone is trying to attack the system. If you know what addresses are fine, then it does not hurt to give them full access. For example, if you are running the PBX in a LAN, it is okay to give all addresses in the LAN access to the PBX (e.g. 192.168.1.x/24). This avoids false alarms, which can be annoying. Quote Link to comment Share on other sites More sharing options...
Bill H Posted April 6, 2011 Author Report Share Posted April 6, 2011 OK, Thank you for the response. This pbx is using the Double NIC Method and is directly on the Internet. I will let you know if it gets flooded again and if the "Automatic" mode worked OK... Quote Link to comment Share on other sites More sharing options...
pbx support Posted April 7, 2011 Report Share Posted April 7, 2011 FYI.. v3 is not that aggressive in detecting/blocking attack compared to v4. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.